Re: RFR: JDK-8282008: Incorrect handling of quoted arguments in ProcessBuilder [v2]
On Mon, 28 Mar 2022 11:44:56 GMT, Olga Mikhaltsova wrote: >> Roger Riggs has updated the pull request incrementally with one additional >> commit since the last revision: >> >> Refactored ArgCheck test to be more readable and easier to maintain and >> backport > > @RogerRiggs when do you plan to merge this patch approximately? @omikhaltsova Its taken more time than expected to get the reviews needed. Perhaps in a week or so. - PR: https://git.openjdk.java.net/jdk/pull/7709
Re: RFR: JDK-8282008: Incorrect handling of quoted arguments in ProcessBuilder [v2]
On Tue, 15 Mar 2022 21:11:31 GMT, Roger Riggs wrote: >> Quoting related changes in https://bugs.openjdk.java.net/browse/JDK-8250568 >> modified the way that >> process builder recognized argument strings, causing some arguments to be >> doubly quoted and malformed. >> >> ProcessBuilder encodes command arguments in two ways, a looser legacy >> encoding >> and stricter encoding that prevents quotes from being misinterpreted. >> The system property jdk.lang.Process.allowAmbiguousCommands controls which >> is in effect. >> >> When the property is "true" or not set, arguments are inserted into the >> Windows command line >> with minimal changes. Arguments containing space or tab are quoted to >> prevent them being split. >> Arguments that start and end with double-quote are left alone. >> Some executables interpret a backslash before the final quote as an escape; >> if the argument >> contains first and last quotes, backslashes are ignored. >> >> When the allowAmbigousCommands property is `false`, care is taken to ensure >> that >> the final quote of an argument is the closing quote for the argument and is >> not >> interpreted as a literal quote by a preceding quote (or an odd number of >> quotes). >> >> The PR includes a test matrix of the cases where an argument with spaces and >> a final backslash >> is passed with each combination of `allowAmbiguousCommands = true and false`, >> launched executable, java, .cmd, and .vbs and when the argument is >> surrounded with double-quotes. >> >> The priority for allowAmbiguousCommands = false is that no argument is split >> or joined to another argument. >> In some cases, backslashes are doubled to prevent a double-quote from being >> interpreted incorrectly. >> The trailing backslash in an argument occurs rarely exception when the >> argument is a directory. >> In that case, the addition of trailing backslashes is benign when the string >> is used as a filesystem path. >> >> See also PR#7504, for background and a proposal. > > Roger Riggs has updated the pull request incrementally with one additional > commit since the last revision: > > Refactored ArgCheck test to be more readable and easier to maintain and > backport @RogerRiggs when do you plan to merge this patch approximately? - PR: https://git.openjdk.java.net/jdk/pull/7709
Re: RFR: JDK-8282008: Incorrect handling of quoted arguments in ProcessBuilder [v2]
> Quoting related changes in https://bugs.openjdk.java.net/browse/JDK-8250568 > modified the way that > process builder recognized argument strings, causing some arguments to be > doubly quoted and malformed. > > ProcessBuilder encodes command arguments in two ways, a looser legacy encoding > and stricter encoding that prevents quotes from being misinterpreted. > The system property jdk.lang.Process.allowAmbiguousCommands controls which is > in effect. > > When the property is "true" or not set, arguments are inserted into the > Windows command line > with minimal changes. Arguments containing space or tab are quoted to > prevent them being split. > Arguments that start and end with double-quote are left alone. > Some executables interpret a backslash before the final quote as an escape; > if the argument > contains first and last quotes, backslashes are ignored. > > When the allowAmbigousCommands property is `false`, care is taken to ensure > that > the final quote of an argument is the closing quote for the argument and is > not > interpreted as a literal quote by a preceding quote (or an odd number of > quotes). > > The PR includes a test matrix of the cases where an argument with spaces and > a final backslash > is passed with each combination of `allowAmbiguousCommands = true and false`, > launched executable, java, .cmd, and .vbs and when the argument is surrounded > with double-quotes. > > The priority for allowAmbiguousCommands = false is that no argument is split > or joined to another argument. > In some cases, backslashes are doubled to prevent a double-quote from being > interpreted incorrectly. > The trailing backslash in an argument occurs rarely exception when the > argument is a directory. > In that case, the addition of trailing backslashes is benign when the string > is used as a filesystem path. > > See also PR#7504, for background and a proposal. Roger Riggs has updated the pull request incrementally with one additional commit since the last revision: Refactored ArgCheck test to be more readable and easier to maintain and backport - Changes: - all: https://git.openjdk.java.net/jdk/pull/7709/files - new: https://git.openjdk.java.net/jdk/pull/7709/files/a194e439..7db92baf Webrevs: - full: https://webrevs.openjdk.java.net/?repo=jdk&pr=7709&range=01 - incr: https://webrevs.openjdk.java.net/?repo=jdk&pr=7709&range=00-01 Stats: 164 lines in 1 file changed: 37 ins; 42 del; 85 mod Patch: https://git.openjdk.java.net/jdk/pull/7709.diff Fetch: git fetch https://git.openjdk.java.net/jdk pull/7709/head:pull/7709 PR: https://git.openjdk.java.net/jdk/pull/7709